Record Analyzer Interface
- andrew johnston (Unlicensed)
- AlexI (Unlicensed)
| Field | Description | Notes |
|---|---|---|
 | Widget label | |
 | When records are ingested, there are two modes: "streaming: true", and "streaming: false" The "View Live" and "View Saved" toggle buttons on the widget toolbar toggle between viewing of these two modes. | |
 | The "Community Filter" toggle is by default "Off" meaning that the list of communities in the main GUI is ignored. If "On", only currently selected communities are scanned. Note that the "refresh button" in the top right of the Kibana view must currently be pressed after changing the toggle. | |
 | The data types viewed can be selected using the three "Show:" toggles: Logs: Show records harvested using the Logstash extractor Custom: Shows the results of custom jobs that have been configure with "$output.indexMode": "custom" The custom fields get given "_type": "custom", and "sourceKey": <"custom:" then the custom job title> Docs: Shows a subset of "normal" documents. |
|
| Add Doc Query | Adds the query from the GUI to the Record Analyzer query bar. |
About the Kibana GUI
Note that it is out of scope of this documentation to define the fields of the Kibana GUI. For more information, see the Kibana documentation.
Only the following fields are (currently) visible in the "Table" view (eg "All Events"):
| Field | Description | Note |
|---|---|---|
| "message" | from the title | |
| @timestamp" | from publishedDate | |
| "url" | ||
| "displayUrl" | ||
| "tags" | ||
| "type" | from mediaType |
Entities and associations use "nested" fields, which Kibana does not currently support.
Fields configured to be non-indexed by the harvester (eg Search index settings pipeline element) cannot be viewed
About Kibana Dashboards
In the Kibana widget all users can see all dashboards. The Community Edition version is more restrictive:
Dashboards are stored as shares that can be edited/shared/deleted from the File Uploader.
"Live" dashboards are only visible in "live" mode, and similarly for "Saved"
When a dashboard is first saved, it is shared across all currently selected communities and for the given live/stashed mode.